From owner-freebsd-questions@FreeBSD.ORG Tue Apr 27 20:09:03 2010
Date: Tue, 27 Apr 2010 15:09:01 -0500
From: John
To: Vincent Hoffman
Cc: freebsd-questions@freebsd.org
Subject: Re: Really simple spam trap - /dev/pf permissions?
Message-ID: <20100427200901.GA92209@elwood.starfire.mn.org>
In-Reply-To: <4BD73F21.1030504@unsane.co.uk>
User-Agent: Mutt/1.4.2.3i

On Tue, Apr 27, 2010 at 08:46:41PM +0100, Vincent Hoffman wrote:
> On 27/04/2010 20:31, John wrote:
> > This seems to be working pretty well, and I'll eventually take the
> > print statement out, but I'm not sure why I had to make /dev/pf
> > public read/write in order to get the pfctl command to work.
> >
> > What is the best solution to be able to add to my spammers table
> > in pf without making it public read/write?
>
> It would probably make more security sense to add the user that the
> script is running as to a group (say pfctl), then make the /dev/pf
> device group-owned by the pfctl group and group-writable.
> Other options include sudo access for your script's user to run a
> specific pfctl command.

Oh, yeah, duh! Add mailnull to a pfctl group... That makes sense.
-- 
John Lind
john@starfire.MN.ORG
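Both of Vincent's options as one FreeBSD sh script, added here as an example; it is not code from the thread. Assumed names: group "pfctl", script user "mailnull" (the one John names above), a pf table called "spammers" (John's "my spammers table"; it has to be declared in pf.conf, e.g. "table <spammers> persist"), and an install path of /usr/local/sbin/pf-table-add. Two things worth knowing before picking an option: /dev on FreeBSD is devfs, so a chgrp/chmod on /dev/pf is gone after a reboot unless /etc/devfs.conf re-applies it; and group write on /dev/pf lets that user run every pfctl operation (flush tables, load rules, disable pf), whereas sudo on a wrapper that validates its own argument grants only "add one address". The validation sits in the wrapper rather than in the sudoers line because a '*' in sudoers arguments also matches spaces, so "pfctl -t spammers -T add *" would accept "1.2.3.4 -T flush".

```shell
#!/bin/sh
# pf-table-add: added example, not from the thread. Assumed names: group
# "pfctl", script user "mailnull", pf table "spammers", install path
# /usr/local/sbin/pf-table-add. Subcommands:
#   setup-group  option 1: group-owned /dev/pf (run once, as root)
#   print-sudo   option 2: print the sudoers line for the wrapper route
#   add <ipv4>   add one address to the table (what the spam trap calls)

PF_GROUP="${PF_GROUP:-pfctl}"
SCRIPT_USER="${SCRIPT_USER:-mailnull}"
PF_TABLE="${PF_TABLE:-spammers}"
WRAPPER="${WRAPPER:-/usr/local/sbin/pf-table-add}"

# /etc/devfs.conf entries. /dev is devfs, so ownership and mode set with
# chgrp/chmod do not survive a reboot; /etc/rc.d/devfs re-applies these.
devfs_conf_lines() {
    printf 'own\tpf\troot:%s\nperm\tpf\t0660\n' "$1"
}

# Option 1. Group write on /dev/pf allows every pfctl operation, not only
# table additions; the group is effectively "may reconfigure the firewall".
setup_pf_group() {
    pw groupshow "$PF_GROUP" >/dev/null 2>&1 || pw groupadd "$PF_GROUP"
    pw groupmod "$PF_GROUP" -m "$SCRIPT_USER"
    chgrp "$PF_GROUP" /dev/pf
    chmod 0660 /dev/pf
    devfs_conf_lines "$PF_GROUP" >> /etc/devfs.conf
}

# Option 2. sudo is limited to "<wrapper> add <arg>". The argument is
# validated here, not in sudoers, because a sudoers '*' also matches
# strings containing spaces (sudoers(5)), which would let
# "pfctl -t spammers -T add *" accept "1.2.3.4 -T flush".
sudoers_line() {
    printf '%s ALL=(root) NOPASSWD: %s add *\n' "$1" "$2"
}

# Accept exactly one dotted-quad IPv4 address with every octet in 0-255.
validate_ipv4() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    _saved_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$_saved_ifs
    for _octet in "$@"; do
        [ "$_octet" -le 255 ] || return 1
    done
    return 0
}

add_to_table() {
    validate_ipv4 "$1" || { echo "pf-table-add: bad address: $1" >&2; return 2; }
    pfctl -t "$PF_TABLE" -T add "$1"
}

case "${1:-}" in
    setup-group) setup_pf_group ;;
    print-sudo)  sudoers_line "$SCRIPT_USER" "$WRAPPER" ;;
    add)         add_to_table "${2:-}" ;;
esac
```

With option 2 the trap script (running as mailnull) calls "sudo /usr/local/sbin/pf-table-add add 203.0.113.7" and never touches /dev/pf itself; the line that "pf-table-add print-sudo" emits goes into /usr/local/etc/sudoers via visudo. With option 1 it calls pfctl directly, and the whole of pfctl is available to it.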